Overview

overview

8

Static

static

6

19278db554...b0.apk

android-9-x86

8

19278db554...b0.apk

android-10-x64

8

19278db554...b0.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a397ccb187460fe8790147ee81c8147838ce5ca8a55f33d822a8a8332e8173c7.zip

  • Size

    3.7MB

  • Sample

    250326-2xft5at1es

  • MD5

    26ac0471653ccd96bb9509a1ff243523

  • SHA1

    b8e56d7d1403d66ac2344d300e0d80c5bdf54e03

  • SHA256

    a397ccb187460fe8790147ee81c8147838ce5ca8a55f33d822a8a8332e8173c7

  • SHA512

    652e476c118172337b156ff51f7d8609d3af684eebeb5c85f6350f4f745c47f4750419f5a2e00a1c6ce41e16368cf6349c3f8137713277ea32bb2431b66a8d8c

  • SSDEEP

    98304:MHPweiWhsUUu4pYB/3zjTj6klg79tEn/Jf1t5:ugugczj6k6htEn/h1t5

Score
8/10
androidcollectioncredential_accessdefense_evasiondiscoveryevasionpersistencestealthtrojan

Malware Config

Targets

    • Target

      19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0.zip

    • Size

      3.9MB

    • MD5

      9d6c50c4103251cd45f93b380bb48bd6

    • SHA1

      1990d07867ec04fd0fb791bd347e2b410da5d114

    • SHA256

      19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0

    • SHA512

      35cad8d62c1d12bdfd499aa5720474df34d6ebf4bb577c5f5205c2e13012fb401c33605ae63119b5fff1bf86ce30e22faa9e038d06913a345831365b7bfc4c03

    • SSDEEP

      98304:CVyFi2cpk0uuKmiiaiAOFO4O4sbrrLOrGvIej4OAizcP9mtz:syqH/apOFO4C2r1extcP9mtz

    Score
    8/10
    defense_evasiondiscoveryevasionpersistencestealthtrojancollectioncredential_access

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      defense_evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Acquires the wake lock

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks